Skip to content

Fix/necessary Category Readonly Settings#28

Merged
jasperf merged 5 commits into
mainfrom
fix/necessary-category-readonly-settings
May 28, 2026
Merged

Fix/necessary Category Readonly Settings#28
jasperf merged 5 commits into
mainfrom
fix/necessary-category-readonly-settings

Conversation

@jasperf

@jasperf jasperf commented May 28, 2026

Copy link
Copy Markdown
Contributor

This release delivers version 2.0.1, a focused patch addressing three data-integrity bugs in the cookie consent settings management layer. The primary issue was that the necessary cookie category's enabled and readonly flags were not being preserved correctly across the full settings lifecycle — from form submission through PHP validation, AJAX handling, and JavaScript initialization. A secondary bug caused the is_regex boolean field to save as true regardless of its actual value due to a missing falsy-value check, and a third issue caused the admin UI to display a misleading "no changes detected" message even when changes had been saved. Together, these fixes ensure that the necessary category remains locked as enabled and non-editable across all layers of the plugin, and that all other category fields serialize and persist correctly.

Bug Fixes and Data Integrity:

  • inc/settings.php, inc/ajax.php, and warder-cookie-consent.php were updated to explicitly re-enforce enabled = true and readonly = true on the necessary category during validation and save, preventing user-submitted values from overriding the hardcoded constraint.
  • The is_regex serialization bug in the cookie rules form handler was corrected by explicitly checking for the presence of the checkbox field rather than relying on a truthy cast, which previously defaulted absent checkboxes to true.
  • The "no changes detected" false-positive in the AJAX save response was resolved by fixing the comparison logic that determined whether the incoming settings differed from the stored values.

JavaScript and Build:

  • src/index.js was updated to mirror the PHP-side constraint, ensuring createConfigFromSettings() always applies enabled: true and readOnly: true to the necessary category regardless of what window.sccSettings contains, and dist/cookieconsent.bundle.js was rebuilt accordingly.

Documentation:

  • CHANGELOG.md and readme.txt were expanded to document all three bug fixes under the 2.0.1 release entry, and a new docs/cookie-category-rules.md file was added to explain the cookie category configuration rules and constraints for developers integrating or extending the plugin.

Files Changed:

jasperf added 5 commits May 28, 2026 14:59
The necessary category's readonly checkbox was rendered with disabled
in the admin, but form.serialize() silently drops disabled fields.
This caused readonly (and potentially enabled) to be overwritten as
false every time settings were saved, making the Strictly Necessary
toggle interactive on the frontend.

Force enabled=true and readonly=true for the necessary category in
warder_validate_options regardless of form input, and disable both
checkboxes in the admin UI so they are visually consistent with their
enforced values. All other categories continue to use the submitted
checkbox values normally.
Hidden is_regex inputs used value="" for false. PHP's isset() returns
true for an empty string, so every non-regex cookie (_gid, _gat) was
silently saved as is_regex:true on every admin save, corrupting the
autoClear cookie list and masking real changes as "no changes detected".

Fix: hidden input now outputs '0' for false. Validation uses !empty()
and checks for literal '0' so only the string '1' is treated as true.

Also remove the "No changes detected" branch in the AJAX handler.
update_option() already runs, so always respond with "Settings saved"
to avoid misleading admins who toggle a setting back to its current
DB value.
Non-necessary categories were appearing as locked and pre-selected in
the frontend because enabled/readonly were read from DB values rather
than being enforced by policy.

- settings.php: always save enabled=false, readonly=false for non-necessary
  (was: isset check returned true whenever the key existed in the DB)
- index.js: hardcode enabled/readOnly based on category id, ignore DB values
- admin.php: replace confusing enabled/readonly checkboxes with clear info
  text — lock icon + explanation for necessary, unlock icon for others
- docs: add cookie-category-rules.md documenting the enforcement rules
The version bump commit only captured the first fix. Two more were
landed afterwards: is_regex always saving as true, and non-necessary
categories appearing locked in the frontend modal. Upgrade notice
updated to summarise all three data-corruption issues.
@jasperf
jasperf merged commit 5fbf59f into main May 28, 2026
2 checks passed
@jasperf
jasperf deleted the fix/necessary-category-readonly-settings branch May 28, 2026 08:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant